EasyManuals Logo

Enterasys Matrix DFE-Gold Series User Manual

Enterasys Matrix DFE-Gold Series
944 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #643 background imageLoading...
Page #643 background image
Configuring Load Sharing Network Address Translation (LSNAT)
Enterasys Matrix DFE-Gold Series Configuration Guide 19-3
wouldonlyrequiretheuseofonebindinghardwareresource(insteadofoneperserviceper
client).
Inordertousestickypersistence,thefollowingconfigurationcriteriaarerequired:
•Stickypersistencemustbeconfiguredfortheserverfarmgroup(withthestickycommand)as
wellasforthevirtualserver(withthe
persistencelevelcommand).
•Therealserversinthisserverfarmaretobeusedforallservices.Theserversarenotallowed
tobeusedwithotherserverfarmstosupportothervirtualserverservices.Thereisone
exceptiontothisrule,describedinthenextbulletitem.
•Stickymeansall
TCPportsorallUDPportsonthevirtualserveraresupported,butnotboth.
YoucancreatetwovirtualserverswithdifferentIPaddresses(oneforTCPprotocolsandone
forUDPprotocols/ports)andusethesamerealservers(withdifferentserverfarmnames).
ThatwayallTCPandUDPports
aresupportedbythesamesetofrealservers.
•Port0inthevirtualserverhastobeusedtosupportthisserviceandisreservedforthis
purpose.
•TheserviceFTPconfigurationisnotneededforthistypeofpersistence.(Seethevirtual
command,virtualonpage 1922.)
Configuring Direct Access to Real Servers
WhentheLSNATrouterhasbeenconfiguredwithloadbalancingserverfarmgroups,withreal
serversandvirtualserversconfiguredand“inservice,”therealserversareprotectedfromdirect
clientaccessforallservices.Loadsharingclientscanonlyaccessspecificservicesonthereal
serversbymeansofthe
virtualserversconfiguredtoprovidethoseservices.
Ifyoualsowanttoprovidedirectclientaccesstorealserversconfiguredaspartofaserverfarm
group,therearetwomechanismsthatcanprovidedirectclientaccess.
Thefirstmechanism,configuredwithinvirtualserverconfigurationmodewiththeallow
accessserverscommand,
allowsyoutoidentifyspecificclientswhocansetupconnections
directlytoarealserversIPaddress,aswellascontinuetousethevirtualserverIPaddress.
Thesecondmechanism,configuredinGlobalconfigurationmodewiththeipslballowaccess_all
command,allowsallclientstodirectlyaccessallservices
providedbyrealservers,exceptforthose
servicesconfiguredtobeaccessedbymeansofaconfiguredvirtualserver.Therealserversarestill
protectedfromdirectclientaccessforconfiguredservicesonly.Forexample,usingthis
mechanism,ifyouconfiguredaloadbalancingservergroupcontaining“realserver1”and
“realserver2”
toprovideHTTPservicethroughvirtualserver“vserverhttp,”clientscanonly
accesstheHTTPserviceonthoserealserversbymeansofthe“vserverhttp”virtualserver.
However,clientscandirectlyaccess“realserver1”and“realserver2”foranyservicesotherthan
HTTP.
Ifyoucombinethetwomechanisms,thatis,configure
ipslballowaccess_allattheGlobal
configurationmodeandalsoconfigureallowaccessserverswithinavirtualserversconfiguration
mode,theclientsidentifiedwiththeallowaccessserverscommandwillhavedirectaccesstothe
realserversforallservices(includingthoseprovidedbyavirtualserver)andbeblockedfrom
using
thevirtualserver.Soforexample,an“allowed”clientcanaccess“realserver1”and
“realserver2”directlyforallservices,includingHTTP,butcannotaccessthoseserversforHTTP
bymeansofthe“vserverhttp”virtualserver.
Service Verification
UPDportserviceverificationcanbeenabledononeormoreloadbalancingservers.Thefirmware
accomplishesthisbysendingaUDPpacketwith“\r\n”(CarriageReturn/LineFeed)asdatato

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Enterasys Matrix DFE-Gold Series and is the answer not in the manual?

Enterasys Matrix DFE-Gold Series Specifications

General IconGeneral
BrandEnterasys
ModelMatrix DFE-Gold Series
CategorySwitch
LanguageEnglish

Related product manuals