Enterasys Matrix DFE-Gold Series

To Next Page

To Previous Page

Configuring Load Sharing Network Address Translation (LSNAT)

19-2 LSNAT Configuration

•WhendifferentvirtualserverIPs(VIPs)sharethesamerealserverindifferentserverfarms,

thepersistencelevelmustbesetthesame.

•Ingeneral,inordertoeditordeleteavirtualserverorrealserver(serverfarm)configuration,

thedevicesmustbefirstconfigured“outofservice”(noinservice)

beforethechangeswillbe

allowed.

Session Persistence

LoadbalancingclientsconnecttoavirtualIPaddresswhich,inreality,isredirectedtooneof

severalphysicalserversinaloadbalancingserverfarmgroup.Inmanywebpagedisplay

applications,aclientmayhaveitsrequestsredirectedtoandservicedbydifferentserversinthe

group.Incertain

situations,however,itmaybecriticalthatalltrafficfortheclientbedirectedto

thesamephysicalserverforthedurationofthesession—thisistheconceptofsessionpersistence.

Whentherouterreceivesanewsessionrequestfromaclientforaspecificvirtualaddress,the

routercreates

abindingbetweentheclient(source)IPaddress/portsocketandthe(destination)IP

address/portsocketoftheloadbalancingserverselectedforthisclient.Subsequentpacketsfrom

clientsarecomparedtothelistofbindings.Ifthereisamatch,thepacketissenttothesameserver

previouslyselectedfor

thisclient.Ifthereisnotamatch,anewbindingiscreated.Howtherouter

determinesthebindingmatchforsessionpersistenceisconfiguredwiththepersistencelevel

commandwhenthevirtualserveriscreated.

Therearethreeconfigurablelevelsofsessionpersistence:

• TCPpersistence—abindingis

determinedbythematchingthesourceIP/portaddressas

wellasthevirtualde stinationIP/portaddress.For example,requestsfromtheclientaddress

of134.141.176.10:1024tothevirtualdestinationaddress207.135.89.16:80isconsideredone

sessionandwouldbedirectedtothesameloadbalancingserver(forexample,theserverwith

address10.1.1.1).Arequestfromadifferentsourcesocketfromthesameclientaddressto

thesamevirtualdestinationaddresswouldbe consideredanotherses si o n andmaybe 

directedtoadifferentloadbalancingserver(forexample,theserverwithIPaddress10.1.1.2).

Thisisthedefaultlevelofsession

persistence.

• SSLpersistence—abindingisdeterminedbymatchingthesourceIPaddressandthevirtual

destinationIP/portaddress.NotethatrequestsfromanysourcesocketwiththeclientIP

addressareconsideredpartofthesamesession.Forexample,requestsfromtheclientIP

addressof134.141.176.10:1024or134.141.176.10:1025

tothevirtualdestinationaddress

207.135.89.16:8 0wouldbeconsideredonesessionandwouldbedirectedtothesameload

balancingserver(forexample,theserverwithIPaddress10.1.1.1).

• Stickypersistence—abindingisdeterminedbymatchingthesourceanddestinationIP

addressesonly.Thisallowsallrequestsfrom

aclienttothesamevirtualaddresstobedirected

tothesameloadbalancingserver.Forexample,bothHTTPandHTTPSrequestsfromthe

clientaddress134.141.176.10tothevirtualdestinationaddress207.135.89.16wouldbe

directedtothesameloadbalancingserver(forexample,theserverwithIPaddress10.1.1.1).

Sticky Persistence Configuration Considerations

Stickypersistencefunctionalityprovideslesssecuritybutthemostflexiblecapabilityforusersto

loadbalanceallservicesthroughavirtualIPaddress.Inaddition,thisfunctionalityprovides

betterresourceusagebytheLSNATrouter,aswellasbetterperformanceforthesameclients

tryingtoreachthesamerealservers

acrossdifferentservicesthroughavirtualserver.

Forexample,withstickypersistence,HTTP,HTTPS,TELNETandSSHrequestsfromaclient

(200.1.1.1)tothevirtualserveraddress(192.168.1.2)wouldallbedirectedtothesamerealserver.

Theclientalwaysgoestothesamerealserverforalltheservices

providedbythatserver,andit

Table of Contents

Related product manuals