a)   Internet port cable physically disconnected or reports no link level connection, server port cable still connected (should failover to secondary)

b)   Server port cable physically disconnected or reports no link level connection, Internet port cable still connected (should failover to secondary)

c)   Front network verification enabled with one farm configured. (See the explanation in NAT mode)

d)   Multiple uplink gateways/nexthop farms. (See the explanation in NAT mode)

3)   Single Network mode

Only one port needs to be connected in Single Network mode. The following scenarios take into account the possibility that either the Internet port or the Server port is used.

a)   Internet port not connected, server port cable connected (should NOT failover to secondary)

b)   Server port not connected, Internet port cable connected (should NOT failover to secondary)

c)   Both ports not connected or reports no link level connection (should failover to secondary)

d)   Front network verification enabled with one farm configured. (See the explanation in NAT mode)

e)   Multiple uplink gateways/nexthop farms. (See the explanation in NAT mode)

4)   Out-of-Path mode

Ports are bonded in this mode. Both ports can be connected at the same time, but it should be OK for only one or the other to be connected.

a)   Internet port cable physically removed or reports no link level connection, server port cable still connected (should NOT failover to secondary)

b)   Server port cable physically removed or reports no link level connection, Internet port cable still connected (should NOT failover to secondary)

c)   Both port cables disconnected (should failover to secondary)

d)   Front network verification enabled with one farm configured. (See the explanation in NAT mode)

e)   Multiple uplink gateways/nexthop farm. (See the explanation in NAT mode)

How to Add a Loopback Adapter 

 
For Out-of-Path Mode, a loopback adapter or device similar in function is required. 

 

Contents of WebMux A400X

Page 1: ...WebMux Network Traffic Manager User Manual Models A400X A400XD A500X A500XD and A600X Version v11 0 00 Revision February 2015 www avanu com...
