Enterasys Matrix DFE-Gold Series

944 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Configuring Load Sharing Network Address Translation (LSNAT)

19-4 LSNAT Configuration

theUDPport.IftheserverrespondswithanICMP“PortUnreachable”message,itisconcluded

thattheportisnotactiveandtheserverisreportedas“DOWN”.Otherwise,iftheservereither

getsdatabackfromtherequesttotheserverordoesnotgetanyresponseatall,

itisassumedthat

theportisactiveandtheserverisreportedas“UP”.Thelackofaresponsecouldalsobethe

resultoftheserveritselfnotbeingavailableandcouldproduceanerroneousindicationofthe

serverbeing“UP”.ToavoidthiswhenrequestinganAPP

UDPonaUDPport,anICMPpingis

issuedfirsttoinsurethattheserverisavailablebeforesubmittingtheAPPUDPrequest.This

preventsasituationwheretheUDPportwillnotreturna“PortUnreachable”becauseofthe

serveritselfbeingdown,resultinginLSNATrespondingwitha

falseindicationthattheUDPport

is“UP”.

Application Content Verification (ACV)

ApplicationContentVerification(ACV)canbeenabledonaporttoverifythecontentofan

applicationononeormoreloadbalancingservers.ACVisamethodofensuringthatdatacoming

fromyourserversremainsintactanddoesnotchangewithoutyourknowledge.ACVcan

simultaneouslyprotectagainstserver

outages,accidentalfilemodificationordeletion,andservers

whosesecurityhavebeencompromised.Bynature,ACVisprotocolindependentandisdesigned

toworkwithanytypeofserverthatcommunicatesviaformattedASCIItextmessages,including

HTTP,FTP,andSM TP.ForACVverification,youspecifythefollowing:

•Astringthat

theroutersendstoasingleserver.ThestringcanbeasimpleHTTPcommandto

getaspecificHTMLpage,oritcanbeacommandtoexecuteauser‐definedCGIscriptthat

teststheoperationoftheapplication.

•Thereplythattheapplicationoneachserversendsis

backusedbytheroutertovalidatethe

content.InthecasewhereaspecificHTMLpageisretrieved,thereplycanbeastringthat

appearsonthepage,suchas“OK”.IfaCGIscriptisexecutedontheserver,itshouldreturna

specificresponse(forexample,

“OK”)thattheroutercanverify.

ACVworksbysendingacommandtoyourserverandsearchingtheresponseforacertainstring.

Ifitfindsthestring,theserverismarkedasUp.Ifthestringisnotfound,theserverismarkedas

Down.

Forexample,ifyousent

thefollowingstringtoyourHTTPserver,“HEAD/HTTP/

1.1\\r\\nHost:www.enterasys.com\\r\\n\\r\\n”,youcould expecttogetaresponseofa

stringreturnedsimilartothefollowing:

HTTP/1.1 200 OK

Date: Tue, 11 Dec 2007 20:03:40 GMT

Server: Apache/2.0.40 (Red Hat Linux)

Last-Modified: Wed, 19 Sep 2007 13:56:03 GMT

ETag: “297bc-b52-65f942c0”

Accept-Ranges: bytes

Content-Length: 2898

Youcansearchforareplystringof“200OK”thiswouldresultinasuccessfulverificationofthe

service.

BecauseACVcansearchforastringinonlythefirst255bytesoftheresponse,inmostHTTPcases

theresponsewillhavetobeinthepacketʹsHTTP

header(i.e.,youwillnotbeabletosearchfora

stringcontainedinthewebpageitself).

SomeprotocolssuchasFTPorSMTPrequireuserstoissueacommandtoclosethesessionafter

makingtherequest.Afaildetectacv‐quitcommandallowsfortheinputofthequit

string

required.

Table of Contents

Related product manuals

Preview: Enterasys Matrix 2G4072-52

Enterasys Matrix 2G4072-52

Preview: Enterasys Matrix E1 1H582-51

Enterasys Matrix E1 1H582-51

Enterasys Matrix E1 1G694-13

Preview: Enterasys Matrix-V V2H124-24

Enterasys Matrix-V V2H124-24

Preview: Enterasys C3G124-24

Enterasys C3G124-24

Preview: Enterasys B5G124-24

Enterasys B5G124-24

Enterasys A4H124-48P

Preview: Enterasys B5G124-24P2

Enterasys B5G124-24P2

Preview: Enterasys SecureStack C2

Enterasys SecureStack C2

Enterasys SSA-G1018-0652

Preview: SecureStack B3 B3G124-24P

SecureStack B3 B3G124-24P

Preview: SecureStack B2 B2G124-48P

SecureStack B2 B2G124-48P