Enterasys Enterasys Matrix DFE-Gold Series, Руководство по настройке

Страница: 644 / 944

Configuring Load Sharing Network Address Translation (LSNAT)
19-4 LSNAT Configuration
the UDP port. If the server responds with an ICMP “Port Unreachable” message, it is concluded
that the port is not active and the server is reported as “DOWN”. Otherwise, if the server either
gets data back from the request to the server or does not get any response at all, it is assumed that
the port is active and the server is reported as “UP”. The lack of a response could also be the
result of the server itself not being available and could produce an erroneous indication of the
server being “UP”. To avoid this when requesting an APP UDP on a UDP port, an ICMP ping is
issued first to insure that the server is available before submitting the APP UDP request. This
prevents a situation where the UDP port will not return a “Port Unreachable” because of the
server itself being down, resulting in LSNAT responding with a false indication that the UDP port
is “UP”.
Application Content Verification (ACV)
Application Content Verification (ACV) can be enabled on a port to verify the content of an
application on one or more load balancing servers. ACV is a method of ensuring that data coming
from your servers remains intact and does not change without your knowledge. ACV can
simultaneously protect against server outages, accidental file modification or deletion, and servers
whose security have been compromised. By nature, ACV is protocol independent and is designed
to work with any type of server that communicates via formatted ASCII text messages, including
HTTP, FTP, and SMTP. For ACV verification, you specify the following:
• A string that the router sends to a single server. The string can be a simple HTTP command to
get a specific HTML page, or it can be a command to execute a user ‐ defined CGI script that
tests the operation of the application.
• The reply that the application on each server sends is back used by the router to validate the
content. In the case where a specific HTML page is retrieved, the reply can be a string that
appears on the page, such as “OK”. If a CGI script is executed on the server, it should return a
specific response (for example, “OK”) that the router can verify.
ACV works by sending a command to your server and searching the response for a certain string.
If it finds the string, the server is marked as Up. If the string is not found, the server is marked as
Down.
For example, if you sent the following string to your HTTP server, “HEAD / HTTP/
1.1\\r\\nHost: www.enterasys.com\\r\\n\\r\\n”, you could expect to get a response of a
string returned similar to the following:
HTTP/1.1 200 OK
Date: Tue, 11 Dec 2007 20:03:40 GMT
Server: Apache/2.0.40 (Red Hat Linux)
Last-Modified: Wed, 19 Sep 2007 13:56:03 GMT
ETag: “297bc-b52-65f942c0”
Accept-Ranges: bytes
Content-Length: 2898
You can search for a reply string of “200 OK” this would result in a successful verification of the
service.
Because ACV can search for a string in only the first 255 bytes of the response, in most HTTP cases
the response will have to be in the packet ʹ s HTTP header (i.e., you will not be able to search for a
string contained in the web page itself).
Some protocols such as FTP or SMTP require users to issue a command to close the session after
making the request. A faildetect acv ‐ quit command allows for the input of the quit string
required.