Home
/
Avaya
/
P333R-LB
/
Installation And Configuration Manual

Avaya P333R-LB, Installation And Configuration Manual

Share

Page: 158 / 218

Avaya P333R-LB Installation And Configuration Manual Download Page 158

Chapter 14

Load Balancing in the P333R-LB

16

Avaya

P333R-LB

User’s Guide

configuration example.

Persistency

Firewalls perform a Stateful Inspection on every session passing through them and
drop a session if not all of its traffic passes through the same firewall. Therefore,
when load-balancing between different firewalls, it is imperative that all traffic
belonging to a given session traverses the same firewall.
The P333R-LB achieves this goal by implementing a sophisticated persistency
mechanism, based on packet characteristics inspection. A symmetric hash function
in each module is calculated based on the source and destination IP addresses. The
P333R-LB assures that packets with the same characteristics traverse the same
firewall in both directions throughout the session.
In the case where there are two P333R-LBs (one on each side of the firewalls),
persistency is ensured only if each P333R-LB is configured so that they are
compatable with each other. If they are not, and there is a change in the network
that affects internal device decisions (for example, adding or removing a Real
Server), persistency, or even the network connection, could be lost.

Non-Transparent Routing Firewall Load Balancing

This section explains how the P333R-LB supports non-Transparent Routing
firewalls, and includes configuration examples as well.

Implementation

Non-Transparent Routing firewalls are firewalls that support dynamic NAT
(Network Address Translation).
For non-Transparent FWLB, the load balancer receives an outgoing packet, makes a
load balancing decision, and forwards the packet to a firewall. The firewall keeps a
bank of IP addresses and replaces the source IP of the incoming packet (from the
LAN) with a unique, yet arbitrary IP address from this bank. The firewall then
forwards the packet to an edge router which routes it to the correct destination on
the WAN.
For incoming packets, the unique NAT address is used as a destination IP to access
the same firewall. The firewall performs reverse NAT by replacing the NAT
destination address with the actual destination address (the client IP address), and
then forwards the packet to the load balancer which routes the packet to its
destination. No Load Balancing is performed on incoming packets.
For non-Transparent Routing FWLB, only one Load Balancing device is required.
The device is positioned on the LAN (internal) side of the firewalls. Since the
firewalls perform NAT, a Load Balancing device is not needed between the WAN
and the firewalls.
As well, non-Transparent Routing FWLB can be configured using static NAT. In

«
...
156
157
158
159
160
...
»

Summary of Contents for P333R-LB

Page 1: ...Avaya Installation and Configuration Guide AVAYA P333R LB STACKABLE SWITCH SOFTWARE VERSION 4 0 April 2003...

Page 2: ......

Page 3: ...30 Device Manager Embedded Web 2 Avaya P330 Command Line Interface CLI 2 Avaya Multi Service Network Manager MSNM 2 Port Mirroring 2 SMON 3 Fans Power Supply and BUPS Monitoring 3 Chapter 2 Standards...

Page 4: ...ansion Module 14 ATM Expansion Modules 14 Safety Information 15 WAN Expansion Modules 15 Section 2 Installing the P330 Chapter 4 Installation 19 Required Tools 19 Site Preparation 19 Rack Mounting Opt...

Page 5: ...ion 39 Introduction 39 CLI Architecture 39 Security Levels 39 Entering the Supervisor Level 40 Defining new local users 40 Exiting the Supervisor Level 41 Entering the CLI 41 RADIUS 41 Introduction to...

Page 6: ...t Based Authentication Works 67 PBNAC Implementation in the P330 Family 67 Configuring the P330 for PBNAC 68 PBNAC CLI Commands 68 Spanning Tree Protocol 71 Overview 71 Spanning Tree Protocol 71 Spann...

Page 7: ...P Configuration CLI Commands 92 Assigning Initial Router Parameters 93 RIP Routing Interchange Protocol Configuration 95 RIP Overview 95 RIP2 96 RIP CLI Commands 96 OSPF Open Shortest Path First Confi...

Page 8: ...12 Layer 3 Configuration File 113 Chapter 13 Layer 3 Redundancy 115 VRRP 115 VRRP Commands 116 Configuration Example 118 SRRP 121 SRRP Commands 121 Additional Redundancy Schemes 122 Real Server Group...

Page 9: ...alancing 26 Configuring Server Load Balancing in the P333R LB 28 Half NAT Based Configuration 28 Full NAT Load Balancing 30 Full NAT Based Configuration 32 Direct Server Return DSR Triangulation Redir...

Page 10: ...Plug In on your Web Site 64 Section 2 Troubleshooting and Maintaining the P330 Chapter 16 Troubleshooting the Installation 67 Troubleshooting the Installation 67 Chapter 17 Maintenance 69 Introduction...

Page 11: ...harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with t...

Page 12: ...g in inverted commas Notes Cautions and Warnings Note Notes contain helpful information or hints or reference to material in other documentation Caution You should take care You could do something tha...

Page 13: ...Avaya AVAYA P333R LB SECTION 1 OVERVIEW OF THE P330...

Page 14: ......

Page 15: ...a P330 is fully compliant with IEEE standards for VLAN Tagging Gigabit Ethernet Spanning Tree and Flow Control This full standards compliance combined with auto negotiation for 10 100 1000 Mbps and ha...

Page 16: ...for local or remote configuration of Avaya P330 features and functions Avaya Multi Service Network Manager MSNM When you need extra control and monitoring or wish to manage other Avaya network equipm...

Page 17: ...terprise Monitoring Device Monitoring VLAN Monitoring Port level Monitoring This top down approach gives you rapid troubleshooting and performance trending to keep the network running optimally Note M...

Page 18: ...Chapter 1 Avaya P333R LB Overview 4 Avaya P333R LB User s Guide...

Page 19: ...d Internet RFC 1155 Simple Network Management Protocol SNMP RFC 1157 PPP Internet Protocol Control Protocol IPCP RFC 1332 PPP Authentication Protocols PAP CHAP RFC 1334 PPP RFC 1661 ATM Management RFC...

Page 20: ...ications and Extensions for the Bootstrap Protocol Information RFC 1542 OSPF Version 2 RFC 1583 RIP Version 2 Carrying Additional Information RFC 1723 RIP Version 2 MIB Extension RFC 1724 Requirements...

Page 21: ...vironmental Height 2U 88 mm 3 5 Width 482 6 mm 19 Depth 450 mm 17 7 Weight 7 5 kg 16 5 lb Input voltage 100 to 240 VAC 50 60 Hz Power dissipation 150 W max Input current 5 3 A Input voltage 36 to 72 V...

Page 22: ...icted Access Areas only Installation Codes This unit must be installed in accordance with the US National Electrical Code Article 110 and the Canadian Electrical Code Section 12 Conductor Ampacity Per...

Page 23: ...nector on front panel Basic MTBF hrs minimum Stacking Module Table A 1 Stacking Module Expansion Modules Gigabit Ethernet Expansion Modules Laser Safety The Avaya X330S1 S2 multi mode transceivers and...

Page 24: ...ditions of operation Caution The use of optical instruments with this product will increase eye hazard Usage Restriction The optical ports of the module must be terminated with an optical connector or...

Page 25: ...62 5 m and 50 m MMF Min 20 dbm Max 3 dbm Fast Ethernet Fiber Expansion Module Ethernet Fast Ethernet Expansion Module Table A 3 Fiber Fast Ethernet Expansion Module Name Number of Ports Interface X330...

Page 26: ...he X330G2 Expansion Module socket This provides you with a highly modular and customisable Gigabit Ethernet interface The GBIC transceivers are hot swappable Safety Information The multimode and singl...

Page 27: ...ode fiber SMF cable may be connected to a 1000Base LX GBIC port The maximum length is 10 km 32 808 ft A 50 mm or 62 5 mm multimode MMF fiber cable may be connected to a 1000Base LX GBIC port The maxim...

Page 28: ...software versions 2 4 and higher ATM Expansion Modules There are two Avaya P330 ATM Expansion Modules X330 OC12F1 500m Multimode fiber can also be OC 3 reduced range X330 OC12S1 15 km Single mode fibe...

Page 29: ...apply to the X330 ATM Modules equipped with multi mode fiber Warning Class 1 LED Product Do not view the LED through any magnifying device while it is powered on Never look directly at the fiber Tx p...

Page 30: ...rial Ports one 10 100Base T Fast Ethernet port and one Console port An Avaya P330 stack can have X330WAN access router modules inserted in each of the switches in the stack with an expansion slot A ma...

Page 31: ...Avaya AVAYA P333R LB SECTION 2 INSTALLING THE P330...

Page 32: ......

Page 33: ...les can be connected easily and according to the configuration rule Cabling is away from sources of electrical noise such as radio transmitters broadcast amplifiers power lines and fluorescent lightin...

Page 34: ...r 4 Installation 20 Avaya P333R LB User s Guide Table 4 3 Power Requirements DC Power dissipation 150 W max Input current 5 3 A Input voltage 36 to 72 VDC Power dissipation 150 W max Input current 5 1...

Page 35: ...ends of the front panel to reveal the fixing holes 2 Insert the unit into the rack Ensure that the four Avaya P330 screw holes are aligned with the rack hole positions as shown in Figure 4 1 Figure 4...

Page 36: ...hten the two screws on the side panel of the stacking sub module by turning them Note The Avaya P330 switch must not be operated with the back slot open the stacking sub module should be covered with...

Page 37: ...stack redundancy use the Redundant Cable to connect the port marked to lower unit on the bottom switch to the port marked to upper unit on the top switch of the stack 5 Power up the added modules Caut...

Page 38: ...S Connector Power Supply Connector BUPS Connector Power Supply Connector BUPS Connector Power Supply Connector BUPS Connector 5 4 3 2 1 Cable to Upper Unit Cable to Lower Unit Cable to Upper Unit Cabl...

Page 39: ...if installed 2 Insert the sub module gently into the slot ensuring that the Printed Circuit Board PCB is aligned with the guide rails The PCB not the metal base plate fits into the guide rail 3 Firmly...

Page 40: ...T 100Base FX 1000Base T 1000Base SX and 1000Base LX WAN by type X330W 2DS1 E1 T1 10 100Base T X330W 2USP USP V 35 10 100Base T Note To interconnect Avaya P330 switches with twisted pairs crossed cable...

Page 41: ...Diameter m Modal Bandwidth MhzKm Maximum Distance m Minimum Distance m Wavelength nm 1000BASE SX MM 62 5 160 220 2 850 1000BASE SX MM 62 5 200 275 2 850 1000BASE SX MM 50 400 500 2 850 1000BASE SX MM...

Page 42: ...Chapter 4 Installation 28 Avaya P333R LB User s Guide...

Page 43: ...t version of the Avaya P330 connect the power cable to the switch at the input terminal block 1 The terminals are marked and with the IEC 5019a Ground symbol 2 The size of the three screws in the term...

Page 44: ...cation please refer to Troubleshooting the Installation Table 5 1 Post Installation Indications Procedure Indication Troubleshooting Information Powering the P330 All front panel LEDs illuminate brief...

Page 45: ...nated function LED The function is selected by pressing the left or right button until the desired parameter LED is illuminated Figure 6 1 shows the Avaya front panel shows a detailed view of the LEDs...

Page 46: ...d Redundant cable are connected correctly This LED will also light in Standalone mode Blink Box is the stack Master and the stack is in redundant mode The following Function LEDs apply to ports 1 to 6...

Page 47: ...N 100 1000 LAG Link Aggregation Group Trunking OFF No LAG defined for this port ON Port belongs to a LAG Table 6 2 Avaya P330 Select buttons Description Function Left Right Individual select LED funct...

Page 48: ...aya P333R LB User s Guide BUPS Input Connector The BUPS input connector is a 5 VDC connector for use with the Avaya P330 BUPS unit only A BUPS Input sticker appears directly to the right the BUPS inpu...

Page 49: ...e 9600 bps Data Bits 8 bits Parity None Stop Bit 1 Flow Control None Terminal Emulation VT 100 Connecting a Terminal to the Avaya P330 Serial port Perform the following steps to connect a terminal to...

Page 50: ...on router To configure the switch parameters on module 6 type the command session 6 switch Note When you use the session command the security level stays the same Assigning P330 s IP Stack Address Not...

Page 51: ...the network 2 Verify that you can communicate with the Avaya P330 using Ping to the IP of the Avaya P330 If there is no response using Ping check the IP address and default gateway of both the Avaya...

Page 52: ...ervisor Level 4 At the prompt type set interface ppp ip_addr net mask with an IP address and netmask to be used by the Avaya P330 to connect via its PPP interface Note The PPP interface configured wit...

Page 53: ...ya P330 Reference Guide To switch between the entities use the session command Security Levels There are four security access levels User Privileged Configure and Supervisor The User level read only i...

Page 54: ...e of the CLI If you change the passwords of the CLI then those passwords become active for Web management as well Entering the Supervisor Level The Supervisor level is the level in which you first ent...

Page 55: ...ead write user has to be changed into a read only user you must change all the read write passwords configured locally in every switch in order to prevent him from accessing this level This is obvious...

Page 56: ...ment The Remote Authentication Dial In User Service RADIUS is an IETF standard RFC 2138 client server security protocol Security and login information is stored in a central location known as the RADI...

Page 57: ...entication Procedure Radius Commands User attempts login Local User account authenticated in switch Perform log in according to user s priviliege level to switch Yes Authentication request sent to RAD...

Page 58: ...ss set radius authentication server Configure a character string to be used as a shared secret between the switch and the RADIUS server set radius authentication secret Set the RFC 2138 approved UDP p...

Page 59: ...anager is done by checking the Source IP address of the packets thus if the Source IP address is modified on the way NAT Proxy etc even an Allowed Manager will not be able to access the P330 Allowed M...

Page 60: ...Chapter 8 User Authentication 46 Avaya P333R LB User s Guide...

Page 61: ...Avaya AVAYA P333R LB SECTION 3 CONFIGURATION OF THE P330...

Page 62: ......

Page 63: ...expansion modules and Media Gateway Processor of G700 session Display or set the terminal width in characters terminal width Display or set the terminal length in lines terminal length Display or set...

Page 64: ...to configure and display the mode of operation for the switch and display key parameters In order to Use the following command Configure the system name set system name Configure the system contact pe...

Page 65: ...information and acquiring parameters In order to Use the following command Restore the time zone to its default UTC clear timezone Configure the time zone for the system set timezone Configure the ti...

Page 66: ...Chapter 9 Basic Switch Configuration 52 Avaya P333R LB User s Guide...

Page 67: ...see Embedded Web Manager For instructions on the use of the graphical user interfaces refer to the Device Manager User s Guide on the Documentation and Utilities CD Avaya P330 Default Settings The de...

Page 68: ...Default Setting 10 100Base TX ports 100Base F ports 1000 Base X ports Duplex mode Full duplex Full duplex Full duplex only Port Speed 100M 100M 1000M Flow control Off Off Off Flow control advertisemen...

Page 69: ...tions operate in their default settings unless configured otherwise Port priority 0 0 0 Spanning Tree cost 20 20 4 Spanning Tree port priority 128 128 128 1 Ensure that the other side is also set to A...

Page 70: ...Chapter 10 Default Settings of the P330 56 Avaya P333R LB User s Guide...

Page 71: ...d Network Access Control Spanning Tree Protocol Rapid Spanning Tree Protocol MAC Security Link Aggregation Group LAG Port Redundancy IP Multicast Filtering Stack Health Stack Redundancy Port Classific...

Page 72: ...tocol that runs between two stations two switchs or a station and a switch When enabled Auto Negotiation negotiates port speed and duplex mode by detecting the highest common denominator port connecti...

Page 73: ...etworkl traffic Priority determines in which order packets are sent on the network and is a key part of QoS Quality of Service The IEEE standard for priority on Ethernet networks is 802 1p Avaya P330...

Page 74: ...reply is received the CAM table is updated with the new address VLAN port mapping Ethernet Configuration CLI Commands The following table contains a list of the configuration CLI commands for the Eth...

Page 75: ...level of a port set port level Display settings and status for all ports show port Display per port status information related to flow control show port flowcontrol Display the flow control advertisem...

Page 76: ...the Management VLAN consists of stations on numerous floors of the building and which are connected to both Device A and Device B Figure 11 1 VLAN Overview In virtual topological networks the network...

Page 77: ...e port are assigned the port s VLAN ID Tagged frames are unaffected by the port s VLAN ID The Tagging Mode determines the behavior of the port that processes outgoing frames If Tagging Mode is set to...

Page 78: ...urity When a VLAN tagged packet arrives at a port only the packets with the VLAN tag corresponding to the VLANs which are configured on the port will be accepted Packets with other VLAN tags will be d...

Page 79: ...t port vlan Define the port binding method set port vlan binding mode Define a static VLAN for a port set port static vlan Configure the tagging mode of a port set trunk Create VLANs set vlan Display...

Page 80: ...yer 2 Features 66 Avaya P333R LB User s Guide VLAN Implementation in the Avaya P333R LB This section describes the implementation of the VLAN feature in the Avaya P333R LB No of VLANs 1024 tagged VLAN...

Page 81: ...a means of authenticating and authorizing users attached to a LAN port and of preventing access to that port in cases wher the authentication process fails The authentication procedure is port based w...

Page 82: ...ure RADIUS parameters Enable the RADIUS feature Configure the port used to access the RADIUS server as force authorized Connect the Supplicant i e Windows XP clients directly to the P330 Verify that t...

Page 83: ...statistics Set the minimal idle time between authentication attempts set dot1x quiet period Set the time interval between attempts to access the Authenticated Station set dot1x tx period Set the serve...

Page 84: ...per port a time interval between attempts to access the Authenticated Station set port dot1x tx period Set the supp timeout per port a time for the port to wait for a reply from the Authenticated Sta...

Page 85: ...ut of any arrangement of bridges The result is a single path between any two end stations on an extended network Provides a high degree of fault tolerance It allows the network to automatically reconf...

Page 86: ...e to the network segment The RSTP algorithm makes it possible to change port roles rapidly through its fast topology change propagation mechanism For example a port in the blocking state can be assign...

Page 87: ...itations that govern the implementation of Spanning Tree in the P330 line RSTP s fast convergence benefits are lost when interacting with legacy STP bridges When RSTP detects STP Bridge Protocol Data...

Page 88: ...andss In order to Use the following command Enable Disable the spanning tree application for the switch set spantree Set the bridge priority for spanning tree set spantree priority Set the RSTP bridge...

Page 89: ...admin and operational RSTP state show port edge state Set the port as an RSTP edge port or non edge port set port edge admin state Set the port point to point admin status set port point to point adm...

Page 90: ...y 15 minutes if the intrusion continues User should first enable the MAC security global mode set security mode and then configure the ports which should be secured set port security When setting a po...

Page 91: ...ession command set secure mac Remove a unicast MAC address from CAM table of a secured port session command clear secure mac Display the status of the MAC security feature enabled disabled show securi...

Page 92: ...of the base port such as port speed VLAN number etc are applied to all the other member ports in the LAG When created each LAG is automatically assigned a logical port number usually designated 10x Th...

Page 93: ...tion describes the implementation of the LAG feature in the P330 Family of products The P333R LB supports up to 5 LAGs Up to three LAGs from three groups of 8 10 100 Mbps ports Logical port 101 ports1...

Page 94: ...ts up to 20 pairs of ports per stack The redundant or secondary port takes over when the primary port link is down Port redundancy provides for the following in the P330 Switchback from the secondary...

Page 95: ...Note Defining intermodule port redundancy on ports with no link causes both ports to be disabled You should connect the link prior to attempting to define intermodule port redundancy Note Once a port...

Page 96: ...ration set port redundancy interval Display information on port redundancy schemes show port redundancy Define the switch s unique intermodule redundancy scheme set intermodule port redundancy Clear t...

Page 97: ...tch ports need to receive which multicast packets and configures the necessary information into the switch s hardware tables This learning is based on IGMP version 1 or 2 snooping The multicast filter...

Page 98: ...the Avaya P333R LB No of multicast groups 1000 In order to Use the following command Enable or disable the IP multicast filtering application set intelligent multicast Define aging time for client po...

Page 99: ...able is present the user is prompted to disconnect one of the short Octaplane cables and the redundant connection will be checked Then when prompted the cable should be reconnected and the test will r...

Page 100: ...when the port is disabled and a fast aging operation on the CAM table will be performed This feature is particularly useful for the link intermodule redundancy application where you need to be inform...

Page 101: ...ues uninterrupted The single management IP address for the stack is also preserved for uninterrupted management and monitoring You can remove or replace any unit within the stack without disrupting op...

Page 102: ...Chapter 11 Avaya P330 Layer 2 Features 88 Avaya P333R LB User s Guide...

Page 103: ...sements inform other routers of the state of the sender s links Link information can also be used to build a complete picture of the network s topology Once the network topology is understood routers...

Page 104: ...P Table on page 111 Within an enterprise routers serve as an intranet backbone that interconnects all networks This architecture strings several routers together via a high speed LAN topology such as...

Page 105: ...r example if there are two interfaces over the same VLAN and you configure DHCP server on one interface it will be used also for the second interface over the same VLAN This behavior might be less exp...

Page 106: ...ministrative state of an IP interface ip admin state Update the interface broadcast address ip broadcast address Define a default gateway router ip default gateway Define the interface RIP route metri...

Page 107: ...s Router commands from the Master module type the command session module number router where module number is the location of the router module in the stack and press Enter The command prompt changes...

Page 108: ...u have created Use the command Router configure if interface name ip address ip address netmask Press Enter 9 Assign a vlan to the IP interface you have created Type Assign a vlan to the IP interface...

Page 109: ...RIPv1 you must not configure supernets which are networks with a mask smaller than the natural net mask of the address class such as 192 1 0 0 with mask 255 255 0 0 smaller than the natural class C m...

Page 110: ...following command Configure the Routing Information Protocol RIP router rip Specify a list of networks on which the RIP is running network Redistribute routing information from other protocols into R...

Page 111: ...Guide 97 Specify the type of authentication used in RIP Version 2 packets ip rip authentication mode Set the authentication string used on the interface ip rip authentication key Specify the RIP time...

Page 112: ...state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node This calculation is based on a topography of the Internet constructed by each...

Page 113: ...f cost Specify the time interval between hellos the router sends ip ospf hello interval Configure the interval before declaring the neighbor as dead ip ospf dead interval Configure interface priority...

Page 114: ...e Local static routes such as those that have no next hop are not allowed Two kinds of static routes can be configured High Preference static routes which are preferred to routes learned from any rout...

Page 115: ...ault route will not be preferred over a RIP route to the subnet of the destination P330 protocol preferences are listed below from the most to the least preferred 1 Local directly attached net 2 High...

Page 116: ...1 OSPF external type 2 metric N to RIP metric N 1 Static to OSPF external type 2 metric configurable default 1 RIP metric N to OSPF external type 2 metric N Direct to OSPF external type 2 metric 1 By...

Page 117: ...address from its IP address This mechanism ability is called ARP Address Resolution Protocol The following mechanism describes how a station builds an ARP Table Figure 12 2 Building an ARP Table Stati...

Page 118: ...che arp Configure the amount of time that an entry remains in the ARP cache arp timeout Set the amount of time that an entry remains in the ARP cache back to default no arp timeout Set the maximum num...

Page 119: ...k of IP addresses rather than requiring an administrator to manage the task This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address Man...

Page 120: ...ach request and sends it to both servers This provides redundancy and prevents the failure of a single server from blocking hosts from loading You can enable or disable or DHCP BOOTP Relay in P330 BOO...

Page 121: ...erface basis When a netbios broadcast packet arrives from an interface on which netbios rebroadcast is enabled the packet is distributed to all other interfaces configured to rebroadcast netbios If th...

Page 122: ...red by the user The P330 supports Access Control policy Access Control rules define how the P330 should handle routed packets There are three possible ways to handle such packets Forward the packet Pe...

Page 123: ...d to a Virtual IP address is processed by P333R LB it checks the packet against the active policy list before any NAT manipulation is performed on the packet Upon returning from the real servers the p...

Page 124: ...policy list ip access list copy Set the scope of a policy list ip access list scope Verify that all the rules in a priority list are valid validate group Display information about the configured activ...

Page 125: ...y 6 to all TCP traffic originating in network 149 49 0 0 rule 1 2 Assigning priority 3 to all TCP traffic going to the host 172 44 17 1 rule 2 3 Denying Telnet sessions originated by the host 192 168...

Page 126: ...ation and reassembly IP Fragmentation works as follows IP packet is divided into fragments each fragment becomes its own IP packet each packet has same identifier source destination address fragments...

Page 127: ...ands in the file are in CLI format The user can edit the file if required and re configure the router module by downloading the configuration file Although the file can be edited it is recommended to...

Page 128: ...Chapter 12 Avaya P330 Layer 3 Features 114 Avaya P333R LB User s Guide...

Page 129: ...iated with a virtual router thus achieving the extreme reliability inherent in the P333R LB SAFER architecture In a VRRP environment host stations interact with the virtual router They are not aware t...

Page 130: ...ng table displays the VRRP Commands Figure 13 1 VRRP Commands In order to Use the following command Display VRRP information show ip vrrp Display full VRRP related information show ip vrrp detail Enab...

Page 131: ...17 Set the primary address used as the source address of VRRP packets for the virtual router ID ip vrrp primary Accept packets addressed to the IP address es associated with the virtual router ip vrrp...

Page 132: ...p interface 1 ip vlan name Default ip address 193 170 1 1 255 255 255 0 interface 2 ip vlan name Default ip address 10 1 1 10 255 255 255 0 enable vlan commands ip vrrp 1 ip vrrp 1 address 10 1 1 10 i...

Page 133: ...1 3 rsg server group type id slb 1 real slb server 10 1 1 1 real slb server 10 1 1 2 real slb server 10 1 1 3 virtual server web farm id 1 vip 193 170 1 3 virtual slb service www service id 1 applica...

Page 134: ...1 1 ip vrrp 2 ip vrrp 2 address 193 170 1 3 ip default gateway 193 170 1 4 1 low real slb server 10 1 1 1 real slb server 10 1 1 2 real slb server 10 1 1 3 rsg server group type id slb 1 real slb ser...

Page 135: ...comes functional again When detecting a failure the backup P333R LB sends a gratuitous ARP message that causes all stations to send their IP traffic to the backup P333R LB MAC address instead of the f...

Page 136: ...kup RSG is not used for the primary RSG s services until all the Real Servers in the primary RSG are down When backup is implemented the backup RSG runs the primary RSG s service in addition to its ow...

Page 137: ...n name Default ip address 10 1 1 10 255 255 255 0 interface 3 ip vlan name Default ip address 10 5 1 2 255 255 255 0 interface 1 ip vlan name Default ip address 193 170 1 1 255 255 255 0 ip default ga...

Page 138: ...lb server 10 5 1 4 real slb server 10 5 1 5 rsg server group type id slb 2 real slb server 10 1 1 1 real slb server 10 1 1 2 real slb server 10 1 1 3 rsg server group backup 1 virtual server web farm...

Page 139: ...ly checked A backup Real Server will not be used until the primary Real Server is down Note A backup Real Server cannot be a part of an RSG When the primary Real Server has recovered it will resume op...

Page 140: ...s 10 1 1 10 255 255 255 0 interface 3 ip vlan name Default ip address 10 5 1 2 255 255 255 0 interface 1 ip vlan name Default ip address 193 170 1 1 255 255 255 0 ip default gateway 193 170 1 2 1 low...

Page 141: ...apter 13 Layer 3 Redundancy Avaya P333R LB User s Guide 127 real slb server 10 1 1 3 virtual server web farm id 1 vip 193 170 1 3 virtual slb service www service id 1 application tcp 80 rsg server gro...

Page 142: ...Chapter 13 Layer 3 Redundancy 128 Avaya P333R LB User s Guide...

Page 143: ...multiple firewalls to operate in parallel giving you the ability to Scale firewall performance Eliminate the firewall as the single point of failure How It Works The P333R LB Balances traffic across t...

Page 144: ...Transparent Routing FWLB one on each side of the firewalls One device intercepts traffic between the protected zone and the firewall and the second device intercepts traffic between the unprotected zo...

Page 145: ...configured to pass through the P333R LB To configure your network as in Figure 14 1 the following should be done The LAN routers or hosts should be configured with 10 4 1 3 as the next hop toward the...

Page 146: ...3 255 255 255 0 Done P333R LB 1 1 config if 2 exit P333R LB 1 1 configure real routing fw 10 1 1 1 Done P333R LB 1 1 config rsrvr 10 1 1 1 id 1 Done P333R LB 1 1 config rsrvr 10 1 1 1 exit P333R LB 1...

Page 147: ...erform the following commands P330 1 configure session router Router 1 configure hostname P333R LB 2 P333R LB 2 1 configure interface 1 Done P333R LB 2 1 config if 1 ip address 193 170 1 1 255 255 255...

Page 148: ...group real routing fw 10 2 1 1 Done P333R LB 2 1 config rsg fw group real routing fw 10 2 1 2 Done P333R LB 2 1 config rsg fw group exit P333R LB 2 1 configure virtual fw service internal Done P333R...

Page 149: ...interface 2 ip vlan name Default ip address 10 1 1 3 255 255 255 0 interface 1 ip vlan name Default ip address 10 4 1 3 255 255 255 0 real routing fw 10 1 1 1 id 1 real routing fw 10 1 1 2 id 2 rsg f...

Page 150: ...55 255 0 interface 1 ip vlan name Default ip address 193 170 1 1 255 255 255 0 ip default gateway 193 170 1 2 1 low real routing fw 10 2 1 1 id 1 real routing fw 10 2 1 2 id 2 rsg fw group type id rou...

Page 151: ...ts should be configured with 10 4 1 3 as the next hop toward the WAN the default gateway in many cases The access router should be configured with 193 170 1 1 as the next hop toward the LAN The firewa...

Page 152: ...ult ip address 10 1 1 3 255 255 255 0 interface 1 ip vlan name Default ip address 10 4 1 3 255 255 255 0 real routing fw 10 1 1 1 id 1 real routing fw 10 1 1 2 id 2 rsg fw group type id routing fw 1 r...

Page 153: ...0 interface 2 ip vlan name Default ip address 193 170 1 1 255 255 255 0 ip default gateway 193 170 1 2 1 low real routing fw 10 2 1 1 id 1 real routing fw 10 2 1 2 id 2 rsg fw group type id routing fw...

Page 154: ...an name Default ip address 10 3 1 3 255 255 255 0 interface 2 ip vlan name Default ip address 193 170 2 3 255 255 255 0 real routing fw 10 3 1 1 id 1 real routing fw 10 3 1 2 id 2 rsg fw group type id...

Page 155: ...the default metric parameter for Transparent FWLB Hash is Source IP Destination IP Using the Hash metric sessions are distributed through firewalls using a predefined mathematical hash function This...

Page 156: ...ollowing figure illustrates how persistency is maintained even though a firewall becomes non operational Figure 14 4 MinMiss Hash Metric Persistency Sustained When Firewall 2 is removed from the group...

Page 157: ...s overloading and maximizes functionality If you assign a weight to a firewall the sessions are distributed to the firewalls in the same metric chosen Hash or MinMiss Hash However weighted firewalls a...

Page 158: ...Firewall Load Balancing This section explains how the P333R LB supports non Transparent Routing firewalls and includes configuration examples as well Implementation Non Transparent Routing firewalls a...

Page 159: ...ing interfaces Therefore IP routes in the network must be configured to pass through the P333R LB To configure your network as in Figure 14 5 the following should be done The LAN routers or hosts shou...

Page 160: ...ess 10 4 1 3 255 255 255 0 real routing fw 10 1 1 1 id 1 real routing fw 10 1 1 2 id 2 rsg fw group type id routing fw 1 real routing fw 10 1 1 1 real routing fw 10 1 1 2 virtual fw service external i...

Page 161: ...ween the two load balancers 10 1 1 3 and 10 2 1 3 for health check purposes Configure P333R LB1 to use the Hash metric and set the Hash parameter to destination Configure P333R LB2 to use the Hash met...

Page 162: ...oad Balancing This section explains how the P333R LB supports Bridging FWLB and includes a configuration example Implementation Bridging firewalls are firewalls that do not perform forwarding at the I...

Page 163: ...n Example Note The P333R LB performs load balancing on traffic that arrives to its routing interfaces Therefore IP routes in the network must be configured to pass through the P333R LB Internet Access...

Page 164: ...f Layer 3 Therefore to configure paths through the firewalls P333R LB1 must be configured to view the IP interfaces of P333R LB2 10 1 1 2 10 2 1 2 as its Real Servers P333R LB2 must be configured to v...

Page 165: ...2 virtual fw service bridging external id 1 bridging fw ip route 0 0 0 0 0 0 0 0 rsg fw group P333R LB 2 set vlan 1 name v1 set vlan 2 name v2 set vlan 3 name v3 hostname P333R LB 2 interface 1 ip vl...

Page 166: ...ion IP For full information about Hash and MinMiss Hash see Load Balancing Metrics for Transparent Routing FWLB on page 13 For full information on selecting a load balancing metric see Selecting a Loa...

Page 167: ...d outside the internal network The intrusion attempts might be either via Telnet CLI or SNMP HTTP Embedded Web manager The user can prevent attacks by implementing the following Change the L2 IP addre...

Page 168: ...etrics on page 37 To intercept traffic to the servers the P333R LB presents itself to the clients as a Virtual Server with a Virtual IP address VIP Client traffic travels to the P333R LB acting as a V...

Page 169: ...he Real Servers and clients might exist the returning packets could reach the client via a path external to the P333R LB These packets would be labelled with the real IP of the Real Server and not the...

Page 170: ...only Figure 14 8 illustrates a Half NAT based SLB configuration Figure 14 8 Half NAT Based SLB Configuration Example Note The Real Servers must be configured with the P333R LB as their default gatewa...

Page 171: ...55 255 255 0 Done P333R LB 1 config if 2 exit P333R LB 1 configure ip default gateway 193 170 1 2 Done P333R LB 1 configure real slb server 10 1 1 1 Done P333R LB 1 config rsrvr 10 1 1 1 exit P333R LB...

Page 172: ...e P333R LB replaces the Virtual IP address of the P333R LB with the real IP address of the Real Server as in Half NAT load balancing In addition P333R LB replaces the incoming client s IP address with...

Page 173: ...s own PIP enabling different flows to the same port You prepare banks of IP address ranges and associate each Virtual Service with a bank Note You can create 64 banks of PIP addresses with a total of...

Page 174: ...the traffic between three Real Servers In addition to the traffic path through the P333R LB a direct path exists between the Clients and the Real Servers through another router The P333R LB is config...

Page 175: ...srvr 10 1 1 3 exit P333R LB 1 super rsg server group Done P333R LB 1 super rsg server group type id slb 1 Done P333R LB 1 super rsg server group real slb server 10 1 1 1 Done P333R LB 1 super rsg ser...

Page 176: ...rect path from the router to the clients with Full NAT the traffic is forced to traverse the P333R LB for PIP client IP translation With Half NAT in such a scenario load balanced sessions would have f...

Page 177: ...red as the default gateway of the Real Servers This conserves resources and bandwidth on the P333R LB that is tasked with balancing client requests The following configuration file is a result of conf...

Page 178: ...n real slb server 10 1 1 2 direct server return real slb server 10 1 1 3 direct server return rsg server group type id slb 1 real slb server 10 1 1 1 real slb server 10 1 1 2 real slb server 10 1 1 3...

Page 179: ...he UDP service is mapped to a group of servers which include the primary and secondary Real DNS Servers The TCP service is configured to include only the Real DNS server which has the primary role Com...

Page 180: ...s the first n sessions where n is the Real Server weight The second Real Server receives the next n sessions and so on When all the servers receive at least one session the issuing process starts over...

Page 181: ...w persistency is maintained even though a server becomes non operational Figure 14 13 MinMiss Hash Metric Persistency Sustained When Server 2 is removed from the group the list of available servers is...

Page 182: ...on is periodically opened to every server checking for successful completion of the connection HTTP Server Checking Useful for web applications this method enables verifying HTTP server functioning by...

Page 183: ...a script on the server Script Health Check enables you to build your own script to run on the Real Server and return a pre defined response You configure a complete and explicit request header as well...

Page 184: ...be configured per an exact IP address or per a group of addresses For instance in cases where clients hide behind a NAT device which selects NAT addresses from an address block of 255 addresses enabli...

Page 185: ...the P333R LB a Real Server can belong to multiple server groups as long as the groups are not running the same Virtual Service If the groups are running the same service e g HTTP port re mapping shou...

Page 186: ...so known as Cache Redirection The AR feature can also be used for policy based source based routing For full details see Policy Based Routing Source Based Routing on page 57 Benefits By redirecting cl...

Page 187: ...f needed but the packet still has the Web server s IP address as the destination IP address 3 If the cache has the required page the cache returns the page to the client with the destination IP addres...

Page 188: ...ocal subnet of one of the P333R LB s local subnets 2 The clients must not reside on the cache s subnet or VLAN In order to configure the load balancer according to Figure 14 14 perform the following c...

Page 189: ...Done P333R LB 1 configure real ar server 10 1 1 1 Done P333R LB 1 config rsrvr 10 1 1 1 exit P333R LB 1 configure real ar server 10 1 1 2 Done P333R LB 1 config rsrvr 10 1 1 2 exit P333R LB 1 configu...

Page 190: ...ip vlan name v2 ip address 10 1 1 3 255 255 255 0 interface 2 ip vlan name Default ip address 10 2 2 3 255 255 255 0 interface 1 ip vlan name Default ip address 10 4 1 3 255 255 255 0 ip default gatew...

Page 191: ...configured as non spoofing i e caches that use their IP address as the source address This is as opposed to Spoofing caches which are capable of retaining the characteristics of the incoming packet ev...

Page 192: ...e id slb 1 real slb server 10 1 1 1 real slb server 10 1 1 2 rsg transparent proxy group type id ar 1 real ar server 10 1 1 1 real ar server 10 1 1 2 virtual server none transparent proxy server id 1...

Page 193: ...et is routed to the Real Server since its IP address is now the Destination IP address and the cache sends the packet back to the client Traffic not destined to the proxy cache is sent with the Web Se...

Page 194: ...The first Real Server in the group receives the first n sessions where n is the Real Server weight The second Real Server receives the next n sessions and so on When all the servers receive at least o...

Page 195: ...ervers are redistributed to the list entries freed by the failing cache server Figure 14 17 illustrates how persistency is maintained even though a cache server becomes non operational Figure 14 17 Mi...

Page 196: ...servers P333R LB supports the following health check methods ICMP Echo Each server is periodically pinged and checked if an answer was received TCP Port Checking A TCP connection is periodically open...

Page 197: ...searches for the expected strings only in the first HTTP packet sent by the server as a response to the GET HEAD request If the string search fails use the show hc last response command to view the re...

Page 198: ...ent load balancing schemes such as Hash or MinMiss Hash or by forcing persistent load balancing decisions on non persistent load balancing schemes such as Round Robin Decision forcing is performed by...

Page 199: ...ad balancing metrics and persistency options provide you with the following flexibility Round Robin generally gives you the best load balancing solution MinMiss Hash with the key set to Source IP give...

Page 200: ...Chapter 14 Load Balancing in the P333R LB 58 Avaya P333R LB User s Guide...

Page 201: ...rt Mirroring Setting up port mirroring for ports in an Avaya P330 Switch Trap Managers Configuration Viewing and modifying the Trap Managers Table Switch Connected Addresses View devices connected to...

Page 202: ...Note You should assign an IP address to the switch before beginning this procedure 1 Open your browser 2 Enter the url of the switch in the format http aaa bbb ccc ddd where aaa bbb ccc ddd is the IP...

Page 203: ...Chapter 15 Embedded Web Manager Avaya P333R LB User s Guide 61 The welcome page is displayed Figure 15 1 The Welcome Page...

Page 204: ...ava plug in installed the Web based manager should open in a new window see Figure 15 2 Figure 15 2 Web based Manager If you do not have the Java plug in installed follow the instructions on the Welco...

Page 205: ...ons for installing it manually Installing from the Avaya P330 Documentation and Utilities CD 1 Close all unnecessary applications on your PC 2 Insert the Avaya P330 Documentation and Utilities CD into...

Page 206: ...enables automatic installation of the Java plug in the first time the users tries to manage the device 1 Copy the emweb aux files directory from the Avaya P330 Documentation and Utilities CD to your...

Page 207: ...Avaya AVAYA P333R LB SECTION 2 TROUBLESHOOTING AND MAINTAINING THE P330...

Page 208: ......

Page 209: ...the power cord If the cord is inserted correctly check that the AC power source is working by connecting a different device in place of the P3330 If that device works refer to the next step If that d...

Page 210: ...16 Troubleshooting the Installation 68 Avaya P333R LB User s Guide Expansion module not inserted correctly Check that module are installed correctly Table 16 1 Troubleshooting Problem Cause Suggested...

Page 211: ...late or other sub module if installed 2 Insert the sub module gently into the slot ensuring that the Printed Circuit Board PCB is aligned with the guide rails The PCB not the metal base plate fits int...

Page 212: ...o the switch may remain on 2 Loosen the screws to the stacking sub module by turning the knobs 3 Take hold of the two knobs one near each side of the front panel and pull gently but firmly towards you...

Page 213: ...i Service Network Manager Suite Obtain Software Online You can download the firmware and Embedded Web Manager from the Software Download section at www avaya com support Downloading Software Download...

Page 214: ...embedded web image file from being downloaded into Bank A by providing a non existant file name for the Embedded Web image file preserves the old version in Bank A allows the user to boot from either...

Page 215: ...ny 49 69 95307 680 Bahrain 800 610 Ghana 31 70 414 8044 Belgium 32 2 626 8420 Gibraltar 31 70 414 8013 Belorussia 31 70 414 8047 Greece 00800 3122 1288 Bosnia Herzegovina 31 70 414 8042 Hungary 06800...

Page 216: ...414 8023 Tunisia 31 70 414 8069 Nigeria 31 70 414 8056 Turkey 800 4491 3919 Norway 47 235 001 00 UAE 31 70 414 8036 Oman 31 70 414 8057 Uganda 31 70 414 8061 Pakistan 31 70 414 8058 UK 44 0207 519500...

Page 217: ...Hot Line 1 720 4449 998 Fax 1 720 444 9103 For updated information visit www avaya com support and click Global Support Organization GSO Indonesia 800 1 255 227 Philippines 1800 1888 7798 Japan 0 120...

Page 218: ...User s Guide 2003 Avaya Inc All rights reserved All trademarks identified by the or TM are registered trademarks or trademarks respectively of Avaya Inc All other trademarks are the property of their...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands